Marking the 10-Year Anniversary of the First XACML Interoperability Demo

It’s hard to believe, but it’s already been 10 years since I had the honor to host the first ever XACML interoperability demonstration at Burton Group’s Catalyst conference in June of 2007. We had a long tradition of hosting interoperability demonstrations, but they were typically associated with single sign-on and federation protocols, such as SAML, multi-federation protocols, a user-centric interoperability demonstration, and even SPML. However for this event, the focus was on access control and the Extensible Access Control Markup Language.

The “wayback” machine, fortunately, captured some posts about the event. For example, we put out a call to action in February that year to line up vendor participation:

Leading up to the event, I posted this 2 weeks before Catalyst:

OASIS has an excellent recap here: https://www.oasis-open.org/news/pr/eight-companies-demonstrate-interoperability-of-xacml-oasis-standard-at-catalyst-conference. Anil Saldanha (@anilsaldhana) also wrote up a short summary of the event and was wise enough to capture  Hal Lockhart interviewing the participants. You can find the blog post and a link to the podcast here: http://anil-identity.blogspot.com/2007/06/oasis-xacml-interoperability-event-at.html

XACML remains an important interoperability standard for Axiomatics, as we use it in a number of integrations with third party products. In version 3.0 of XACML, new profiles have been added recently that further enhance interoperability between different implementations of XACML. I am referring to the profiles for REST and JSON support, which are additive to the core specification.

Questions? Comments? Leave a comment below.

To learn more about XACML, please visit our Resources section.

Related Articles

Meeting today’s dynamic authorization and access challenges: The Axiomatics story | Dynamically Speaking
Dynamically Speaking
For more than 15 years, Axiomatics has worked with companies worldwide to define and deliver solutions to the most complex authorization and access challenge. In...
Getting started with Zero Trust using dynamic authorization | Dynamically Speaking
Dynamically Speaking
Zero Trust. It’s everywhere. It’s a methodology that’s been around for years, and we are now seeing a significant uptick in the number of enterprises...
The case for dynamic authorization in banking and finance
Attribute Based Access Control (ABAC)
More than other organizations, banks, and financial institutions face the highest levels of scrutiny when it comes to how they protect critical assets and sensitive...